You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sap/workloads/rise-integration.md
+4-7Lines changed: 4 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -196,7 +196,7 @@ SSO against Active Directory (AD) of your Windows domain for ECS/RISE managed SA
196
196
197
197
The Microsoft Sentinel solution for SAP applications allows you to monitor, detect, and respond to suspicious activities and guard your critical data against sophisticated cyberattacks for SAP systems hosted on Azure, other clouds, or on-premises infrastructure.
198
198
199
-
The solution allows you to gain visibility to user activities on SAP RISE/ECS and the SAP business logic layers and leverage Sentinel’s built-in features.
199
+
The solution allows you to gain visibility to user activities on SAP RISE/ECS and the SAP business logic layers and leverage Sentinel’s built-in content.
200
200
- Use a single console to monitor all your enterprise estate including SAP instances in SAP RISE/ECS on Azure and other clouds, SAP Azure native and on-premise estate
201
201
- Detect and automatically respond to threats: detect suspicious activity including privilege escalation, unauthorized changes, sensitive transactions, data exfiltration and more with out-of-the-box detection capabilities
202
202
- Correlate SAP activity with other signals: more accurately detect SAP threats by cross-correlating across endpoints, AAD data and more
@@ -213,12 +213,9 @@ To enable the solution, only an authorized RFC user is required and nothing need
213
213
- Authentication methods supported in SAP RISE: SAP username and password or X509/SNC certificates
214
214
- Only RFC based connections are possible currently with SAP RISE/ECS environments
215
215
216
-
The following data sources may not available for a SAP RISE/ECS landscape:
217
-
- Client IP address information from SAP security audit log (*)
218
-
- DB table logs (preview), spool output log (*)
219
-
- SAPControl and JAVA application server logs
220
-
- Infrastructure and operating system logs (for example VMs running SAP). All aspects of the Azure infrastructure and operation system are monitored by SAP independently
221
-
*(*) Items noted with (*) require a change request with modifications and/or parameters for which SAP needs to be contacted.*
216
+
Note for running Microsoft Sentinel in a SAP RISE/ECS environment:
217
+
- The following log fields/source require an SAP transport change request to be deployed: Client IP address information from SAP security audit log, DB table logs (preview), spool output log. Sentinel's built-in content (detections, workbooks and playbooks) provides extensive coverage and correlation without those log sources.
218
+
- SAP infrastructure and operating system logs are not available to Sentinel in RISE, including VMs running SAP, SAPControl data sources, network resources placed within ECS. Aspects of the Azure infrastructure and operation system are monitored by SAP independently.
222
219
223
220
For more information on Microsoft Sentinel and SAP, including a deployment guide, see [Sentinel product documentation](/azure/sentinel/sap/deployment-overview).
0 commit comments